I've extended the Dockerfile to make some changes to the startup.py file required for my use case. I changed the Dockerfile to run as another user instead of root, but I noticed that the code scanning takes significantly longer - hours, instead of minutes - to complete.
Here is the Dockerfile I'm using:
```dockerfile
FROM mcr.microsoft.com/cstsectools/codeql-container
ARG USERNAME=codeql
RUN adduser --system $USERNAME
RUN apt update && apt install -y git
EXPOSE 5000
WORKDIR /usr/local/startup_scripts/
COPY requirements.txt ./
RUN pip install -r ./requirements.txt
COPY CodeQL/main.py ./startup_server.py
USER ${USERNAME}
ENTRYPOINT ["python3", "-u", "/usr/local/startup_scripts/startup_server.py"]
```
Any help would be really appreciated! 😄